Serious back door Vulnerabilities spotted in TikTok
The security flaws were identified by a cybersecurity firm Check Point, which the company claims to have fixed
TikTok has broken all barriers of popularity, achieving 1.5 billion global users in just over two & a half years. The immense growth can be gauged from the fact that the app is available in 150 markets & used in 75 languages globally. Even more important is the niche that it serves — Generation Z which utilizes the app to create short video clips — mostly lip-synced of 3 to 15 seconds & short looping videos of 3 to 60 seconds.
Having achieved all these laurels, however, the application has been under fire from a lot of quarters for the potential risks identified within the application recently. A Cybersecurity firm Check Point pointed to multiple vulnerabilities that its researchers uncovered. Although the security firm made Tik Tok aware of these security flaws on November 20, 2019, which the latter claims to have addressed by December 15, 2019, as confirmed by Check Point — the damage is done.
The problems were brewing for Tik Tok, even before the report of these vulnerabilities surfaced. With its strong Chinese connection — the parent company ByteDance based in Beijing, the app was under intense scrutiny in the United States. Although the decision by American authorities to scrutinize Chinese technology like Tik Tok was considered more of a trade war by-product by some, that notion seems to be quelled with the recent revelations.
“What we’re trying to make sure people understand is that the cyberspace is something that doesn’t just start and end on a sophisticated platform, but that if you’re in cyberspace, even for day to day activity, your data and privacy are at risk.”
~ Oded Vanunu, Lead Researcher, Check Point
The vulnerabilities would have allowed hackers to send TickTok users malicious links via spoofed text messages, which once clicked would give control of their personal accounts to the attackers including uploading videos or accessing private videos. Another weakness would have allowed retrieval of personal information of the app users through the company’s website. Summarizing from the report, the hackers could do the following:
- Manipulating content in Tik Tok user accounts
- Delete videos
- Upload unauthorized videos
- Changing private videos to public access
- Reveal personal information like private email addresses
TikTok has actively denied that it is under the influence of the Chinese government & censoring material that the government there doesn’t like. It also stated that regional managers around the Globe had significant autonomy over decision making & operations. And despite fixing the security flaws, American lawmakers’ concerns about the app’s content policies and data practices remained heightened.
In November, a U.S. security panel had launched a national security review of ByteDance, with the U.S army launching a security assessment of the app in the month asking its soldiers not to use TikTok videos while in uniform. This was followed up by the Department of Defense urging its employees to delete the app from their mobile devices — the very next day the Navy banned the app, with the Army following suit on December 30.
Apps like TikTok, which are looking for aggressive growth pay less attention to testing security vulnerabilities & more on adding user-friendly features. This gives hackers ample opportunities to target services that have not been properly tested for real-world attacks. And with the majority of the app users being young and less mindful of security, it creates a major problem.
Keep in mind that TikTok was fined $5.7 million earlier in February of 2019 on charges of illegally collecting personal information from minors and is also under investigation from British Information Commissioner’s Office to determine if it violated European data privacy laws.